You are on page 1of 6

Research Brief

ExtraHop Networks: Network-Based Application Performance Manage ment
Introduction Clabby Analytics has been covering the application performance management (APM) market for almost two years. Back in March 2010, I (Jane Clabby) published a report entitled, “How Business Transaction Management Tools Are Making It Possible to Address Transaction Performance Tuning and Capacity Planning Issues in the Cloud,” available for free at http://www.clabbyanalytics.com/uploads/BTMRevFinalOne.pdf. In that report we looked at the various approaches to business transaction management (BTM) and made recommendations regarding the type of tools that could offer the most comprehensive, accurate application performance data. I contrasted two approaches: (1) A tiered (agent-based) application performance management approach that uses topologydriven, deterministic tracking/monitoring approach and (2) a siloed application performance management approach that uses a network sniffer/time-correlation (agentless) approach (also called a “network tap” approach) to analyze transaction behavior. We were critical of network sniffer approaches because of their inability to monitor/manage transactions across multiple tiers. ExtraHop Networks caught my attention when they were included in Gartner’s APM Innovators: Driving APM Technology and Delivery Evolution report released in December 2011. I did a little research and learned that ExtraHop’s product is agentless, networkbased and capable of tracking transactions across multiple tiers. I was intrigued because ExtraHop represented a solution that looked easy to install and manage, and was comprehensive enough to follow transactions from end-to-end. I contacted ExtraHop and arranged a briefing. In the course of the briefing, I learned that Clabby Analytics wasn’t the only analyst firm critical of agentless, network-based APM. ExtraHop was excluded from Gartner’s 2011 Magic Quadrant for Application Performance Management for this reason. As I listened and learned more, I think the exclusion was unjustified. As the market changes and evolves, Clabby Analytics believes that the definition of APM should probably be flexible as well, and that tools in this space that are providing customer value—even if the approach is different or unique—should be considered along with agent-based APM tools. In this research brief, Clabby Analytics evaluates the APM market, customer requirements for APM, the features of ExtraHop, and how ExtraHop’s unique technology is able to deliver value to customers in a range of markets. After learning more about this company, I believe that network-based APM can be a viable approach for end-to-end transaction monitoring across multiple tiers—including servers, storage, database, middleware, and the

enabling the root cause of performance issues to be identified if the problem resides in the application code. Now Netflix is being challenged by video-on-demand providers. as well as customized for specific customer requirements. New kinds of APM tools are gaining in popularity. The downside is that they can be complex and timeconsuming to install. Below is an overview of the categories of tools available today. Transaction-Oriented Tools These tools monitor and capture each transaction as it flows across all of the infrastructure tiers. including: Deep-Dive Tools Legacy “deep dive” application performance management tools provide component-level application diagnostics. lost the battle to Netflix. the maker of the Blackberry. and training. implement and use. We constantly see examples of companies that have failed to adapt or haven’t adapted quickly enough. the tools must be updated. and provide a “time-to-value” that can be measured in days rather than weeks or months.ExtraHop Networks – Network-Based Application Performance Management web—and that ExtraHop has an “out-of-the-box” solution that can be deployed in minutes. Background Businesses today must have the flexibility to quickly alter business models to adapt to changing market conditions. depicted in a topological view. Not only that. 2012 © 2012 Clabby Analytics Page 2 . typically using lightweight server-based collection agents. once the leader in the video rental market. application developers and IT staff need tools that can be deployed quickly and easily. typically using something called bytecode instrumentation in the form of “agents” installed on servers and other devices. Administrators can easily identify where the source of a performance bottleneck is (for instance. speeding problem resolution. just declared bankruptcy. deployments. administrators February. and followed as they traverse through various levels of infrastructure. Blockbuster. The benefit of using bytecode instrumentation is in the depth and breadth of application-specific information that is gathered. Using this approach. If applications or infrastructure changes. Transactions are threaded together. In order to keep pace and stay competitive. the agents place overhead on the server that can negatively impact application performance in production environments. These changing market dynamics have created an opportunity for innovation in the APM market. RIM. The Borders Group liquidated last year after having seeing the market move to e-books. Businesses today don’t have the budget or time to support lengthy implementations. is losing market share to the iPhone and Android devices. Kodak. established vendors are offering new capabilities. APM Approaches There are several different approaches to application performance management. in the infrastructure tier) and deploy the appropriate resources. As a result. and cloud-based delivery models are becoming more common. recertified and redeployed. a pioneer in the film industry and the inventor of digital photography. companies must be able to launch new applications quickly—cashing in on industry trends before they become a thing of the past.

this approach has been successful—many of their customers have existing legacy APM tools but have been unable to solve their most pressing application performance problems. This is a great option for small-to-mid-size businesses that don’t want to make a significant upfront investment in software licenses. predict customer behavior. and PRGX. And. software. February. ExtraHop Networks – A Closer Look Company Overview A privately held company. In general these are not cross-tier. Kohl’s. 2012 © 2012 Clabby Analytics Page 3 . providing basic performance monitoring on a monthly subscription basis. ExtraHop has enabled these customers to quickly and noninvasively deploy one tool to gather and analyze data from all tiers. and telecommunications with a unique network-based application performance management solution. Auto-discovery and autoclassification of devices and applications enables ExtraHop to dynamically adjust to changes in the IT environment (as ExtraHop said. it is well-suited for production environments. Microsoft. healthcare. web. and transaction service levels. database. and assess the business effect of a particular issue. IT issues can be linked to the effect they have on customer experience. Concur. because it is a passive appliance. have limited support resources and need to scale quickly as the business grows. launch. ExtraHop is targeting IT management in large enterprise customers in a range of verticals including e-commerce. but rather are specific to HTTP at L7 (Open Systems Interconnect [OSI] application layer). and storage tiers. these types of tools focus on customer experience by monitoring the response times of real users as they interact with web-based applications. LexisNexis. and ensure the performance of applications quickly. A “New” Category – Network-Based APM from ExtraHop ExtraHop offers a passive network appliance that provides cross-tier visibility and correlation of transaction data across the network. but as transactions are increasingly comprised of a collection of public cloud services. Washington. it can be deployed quickly and easily in a matter of minutes—helping businesses to test. According to ExtraHop. Current customers include Adobe Systems. travel.ExtraHop Networks – Network-Based Application Performance Management can view an accurate representation of transactional dependencies. Alaska Airlines. End-User Experience Monitoring Typically agentless. transaction resource usage. it becomes difficult to track transactions and to maintain their relationship to a specific application. helping to identify performance issues. ExtraHop Networks was founded in 2007 by the lead architects of F5 Networks's TMOS platform and BIG-IP product line and is headquartered in Seattle. “It is like Google Earth for your network”). Network-level metrics and critical application-level details are captured. Cloud-Based – Software as a Service (SaaS) APM Some legacy vendors are offering a “skinny” version of their enterprise APM as a cloud service. These tools are useful. financial services. and since there is no overhead.

This enables businesses to easily gain back visibility into secure environments for monitoring and management. ExtraHop SSL decryption capabilities perform real-time decryption and analysis of SSLprotected traffic and performs audits of ciphers. ExtraHop can monitor and report on database performance in real-time. So. NAS/SAN. and industry-specific protocols (such as FIX transaction metrics for financial trades). February. According to ExtraHop.ExtraHop Networks – Network-Based Application Performance Management Solution Overview Network-based APM is based on the idea that all the performance and transaction data that is required to manage applications is already available on the network. ExtraHop Network-Based APM Source: ExtraHop. ExtraHop’s technology extracts L2-L7 metrics from thousands of transactions simultaneously (See Figure 1. enabling issues to be detected and resolved proactively. ExtraHop employs full-stream reassembly and full content analysis (rather than a sampling technique) so that all transaction data is collected in real-time. key lengths. ExtraHop also captures application-level metrics (L7) across multiple tiers including web applications. databases. below). Figure 1. traditional agent-based database profilers used in production can add as much as 30% overhead. This means that in addition to device and network level metrics (L2-L4). 2012 © 2012 Clabby Analytics Page 4 . while many enterprise customers will turn off database profilers while in production and only turn them on when troubleshooting a problem. 2012 One of the most significant features of ExtraHop is its ability to monitor and analyze database performance in production environments without incurring any additional overhead. This wealth of information is collected passively with no impact on the application. at a sustained 10Gbps. directory services. and certificates at speeds up to a sustained 10Gbps (a higher performance/higher volume approach than traditional software-driven SSL decryption). and specific details of the data enable IT personnel to quickly isolate the root cause of an issue (such as the specific URI included in a HTTP 500 Error or slow stored procedures in a database).

(Especially suitable for branch office deployment. ExtraHop has the benefits of an out-of-the-box solution (easy installation/deployment. With this capability.) February. if a customer has a performance issue only with iPhones accessing a particular web application (but performance data doesn’t separate iPhone metrics). For example. simplified training and management.and trend-based alerts based on correlation and analysis of metrics from multiple tiers Web interface with drill-down to specific devices Application activity mapping displays dependencies based on device/application auto-discovery High-performance 10Gbps throughput Centralized management of thousands of devices Dynamic rule-based grouping Customizable reporting Memcached (e-commerce memory caching protocol for high-speed application access) data protocol analysis ExtraHop’s unique network-based approach has the following benefits: Ease of installation/deployment (can be accomplished in 15 minutes in many cases) No impact on application or system resources Automatically adjusts to changes in dynamic. virtualized IT environments Collects and analyzes data from all tiers as a single integral system Proactive alerts and warnings simplify management Can be used by IT generalists—does not require specialized training Has all the benefits of a turnkey solution but can be customized for specific customer needs 10Gps throughout can handle large enterprise installations Configuration options: Several configurations are available and are “all-in-one” systems (no per-server/per-seat costs). including the following configurations: EH1000v is a virtual appliance with up to 1Gbps throughput that analyzes traffic that passes only through virtual switches in virtual and private cloud environments. quick-time-tovalue) but can be tailored to address particular customer needs. Other ExtraHop features include: Threshold.ExtraHop Networks – Network-Based Application Performance Management “Application Inspection Triggers” technology enables the ExtraHop system to be easily customized for a customer’s unique requirements using scriptable event processing. Triggers can define additional metrics for analysis in specific environments. 2012 © 2012 Clabby Analytics Page 5 . an application inspection trigger can parse the user-agent from the HTTP request. recording iPhonespecific metrics.

For these reasons. Many businesses use complex APM tools in preproduction to identify performance issues before application roll-out. However. Passive and non-invasive. Clabby Analytics http://www. enterprises that operate dynamic. because it is agentless and appliance-based. ExtraHop’s network-based application performance management solution has been designed from the ground up to address today’s computing challenges. 2012 Clabby Analytics is an independent technology research and analysis organization.com. distributed environments. After hearing about ExtraHop’s network-based APM. For proactive management. the ExtraHop systemimposes no system or network overhead and requires no application changes. is easily installed and provides a return-on-investment almost immediately. and short time-to-value. Clabby Analytics likes the “best-ofboth-worlds” aspect of having a packaged solution and the option of using application inspection triggers for customization. The ExtraHop system.ExtraHop Networks – Network-Based Application Performance Management EH2000 (1U appliance) performs real-time transaction analysis at up to 3Gbps for departmental or entry-level applications. APM tools must be operating continuously in production. In uncertain economic times. as compute environments are increasingly comprised of physical and virtual components as well as public and private clouds. EH5000 (2U appliance) performs real-time transaction analysis at a sustained 10Gbps for large enterprise environments. virtualized. ExtraHop Central Manager is a virtual appliance that aggregates data from multiple ExtraHop systems and is designed for centralized management and reporting across large. virtualized computing environments. This approach may work with static applications and consistent physical infrastructure. infrastructure is dynamic and performance issues can arise at any time. . we advocate certain positions — and encourage our readers to find counter opinions —then balance both points-of -view in order to decide on a course of action. efficiently and effectively in complex. but they then “turn off” those tools in production (due to overhead that affects application performance). Because of ExtraHop’s unique architecture that captures and analyzes existing network traffic across all tiers. this is essential due to budget constraints as well as pressure for businesses to constantly launch new applications to stay competitive.com Telephone: 001 (207) 846-6662 © 2012 Clabby Analytics All rights reserved February.clabbyanalytics. distributed. Clabby Analytics revises our earlier position on network-based APM solutions. no system overhead.ClabbyAnalytics. ExtraHop provides a complete end-to-end view of transactions while at the same time offering the benefits of an agentless solution—ease of installation and deployment. Unlike many other research firms. Summary Observations While legacy APM vendors scramble to provide enhancements to their products that will enable them to operate easily. we believe that they have defined a new category. Other research and analysis conducted by Clabby Analytics can be found at: www. distributed computing environments should give ExtraHop careful consideration when selecting an APM product.